Security Predictions 2015: New Challenges of Risk Mitigation

Michael Fimin, CEO of Netwrix Corporation, shared his thoughts and made a top list of security trends that will drive Information Technology in 2015.

Information technology is constantly evolving, taking in more and more aspects of our personal and professional lives. As the complexity and diversity of devices, platforms, and modes of technological interaction advance, so do the number of associated risks from malicious individuals who wish to exploit and leverage technology for their own purposes.

We are publishing our major observations of current IT security trends, thereby highlighting the most crucial areas to keep watch over:

Cloud

Many individuals and enterprises are already using cloud technologies—such as “software as a service” (SaaS) and “infrastructure as a service” (IaaS)—to store sensitive information and perform business-critical tasks. In response to security concerns and risk management challenges related to cloud computing, the industry continues to look for ways to overcome the market’s security concerns about the adoption of cloud technology.

The security of cloud technologies will continue to develop, focusing on the following three tendencies: improved data encryption; the ability to access audit trails for configuration management and the secure accessing of data; and the development of security brokers for cloud access, allowing for user access control as a security enforcement point between a user and a cloud service provider.

Mobile

As the adoption and standardization of a few select OS platforms grows, the opportunity for attack also increases. For the past few years, we have seen a growth in smartphone malware, increases in mobile phishing attacks, and fake apps making their way to app stores. Targeted attacks on mobile payment technologies can also be expected.

In 2015, we will see various solutions introduced to improve mobile protection, including the development of patch management across multiple devices and platforms, the blocking of apps from unknown sources, and anti-malware protection.

Software defined data center

“Software defined” usually refers to the decoupling and abstracting of various infrastructure elements followed by a centralizing of control. Software defined networking (SDN) and software defined storage (SDS) are clearly trending and we can expect this tendency to expand in 2015.

While these modular software defined infrastructures certainly improve operational efficiency, they also create new security risks. The centralized controllers can become a single point of attack and the cost of malicious attacks and user errors is high.

The adoption of this approach may be growing, but it is still not widespread enough to become a common target for hacker attacks in 2015. However, as more companies run SDN and SDS deployments as pilots or proofs of concept, we expect their security concerns will be raised and addressed by the market. You can expect more of a focus on security from the manufacturers, as well as new solutions from third party vendors.

Internet of Things

The Internet of things (IoT) universe is expanding and a growing diversity of devices are connecting to the network and/or holding sensitive data. This includes everything from smart TVs and Wi-Fi-connected light bulbs to the adoption of standard Internet Protocols in complex industrial operational technology systems.

The IoT is likely to play a more significant role in business innovation in 2015 and beyond. The devices and systems that connect to it, meanwhile, require proper management, as well as security policies and provisions. The security ecosystem that has not yet formed around many of these devices will continue to develop.

We do not expect attacks on the IoT to become widespread yet in 2015. Most attacks are likely to be “whitehat” hacks to report vulnerabilities and proof of concept exploits. That being said, sophisticated targeted attacks may go beyond the traditional network and PCs, depending on the nature of the victim’s specific business processes and connected devices.

Next generation security platfoms

In 2015 and beyond, you can expect to see more vendors in the information security industry talking about integration, security analytics, and the leveraging of big data.

With data coming from more and more sources today, big data and analytics are starting to play a crucial role in IT security, prompting many organizations to change their approach to this issue. Security analytics platforms have to take into account the various internal data sources as well as the external feeds, such as online reputation services and third party threat intelligence feeds.

The role of context and risk assessment will also become more important in the security field. The focus of defense systems becomes more about minimizing the attack surfaces, isolating and segmenting the infrastructure to minimize potential damage, and identifying the most business-critical components to protect.

Looking back at previous years, which were full of unprecedented security incidents, new security challenges will, unfortunately, continue to arise. IT professionals should be armed with mission-critical information on what security threats they might face in the near future and be prepared to defend against them in advance.